phpMyShop compte.php SQL Injection Vulnerability

phpMyShop, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries.

This vulnerability was reported to exist in the compte.php script file. A remote attacker can exploit this vulnerability to bypass the phpMyShop authentication/registration process.


Privacy Statement
Copyright 2010, SecurityFocus